Common Vulnerabilities and Exposures by NIST

CVE-2014-4929 N/A

2014-08-20 2014-08-20

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-5382 N/A

2014-08-20 2014-08-20

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-2524 N/A

2014-08-20 2014-08-20

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-3331 N/A

2014-08-20 2014-08-20

The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-3340 4

2014-08-20 2014-08-20

Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.

Vendor(s): Cisco

Affected OS(s) / software(s): 1

CVE-2014-3514 N/A

2014-08-20 2014-08-20

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4618 8.5

2014-08-20 2014-08-20

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.

Vendor(s): EMC

Affected OS(s) / software(s): 11

CVE-2014-4749 4.3

2014-08-20 2014-08-20

IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.

Vendor(s): IBM

Affected OS(s) / software(s): 6

CVE-2014-4750 2.9

2014-08-20 2014-08-20

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

Vendor(s): IBM

Affected OS(s) / software(s): 3